Hi Rok, Without cephx enabled, any ceph client having network access to the Ceph mon/osd/mds can connect to the cluster and do whatever they want. E.g. delete any objects or pools or anything. The only way I can think that this is workable would be to restrict Ceph to an isolated network and re-export CephFS using NFS Ganesha or Samba. Cheers, Dan On Tue, Jan 7, 2025 at 8:03 AM Rok Jaklič <rjaklic@xxxxxxxxx> wrote: > > Hi, > > is it possible somehow to restrict client in cephfs to subdirectory without > cephx enabled? > > We do not have any auth requirements enabled in ceph. > > auth cluster required = none > auth service required = none > auth client required = none > > Kind regards, > Rok > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx -- Dan van der Ster CTO @ CLYSO Try our Ceph Analyzer -- https://analyzer.clyso.com/ https://clyso.com | dan.vanderster@xxxxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |